(54) METHOD AND SYSTEM FOR CONTROLLING KEY FOR ELECTRONIC SIGNATURE



(57) Two keys which are updated in the same updating cycle at different times are prepared as signature keys (main key and auxiliary key) for electronic signature, and the updating cycle of each key is divided into, for example, three periods. The first and last periods after the updating are used for the auxiliary key while the intermediate period is used for the main key, and an electronic signature is carried out with the main key. The electronic signature is confirmed with either of two confirmation keys which are updated synchronously with updating the two keys used as the signature keys. This eliminates the need of stopping issuance of the electronic signature or limiting a service offer upon updating the signature keys.
Description
Technical Field

[0001] The present invention relates to an electronic signature key control method which can update the contents of a key for electronic signature without limiting issuance of electronic signatures, an offer of various services based on the electronic signatures or the like, and to a system suitable for carrying out such a key control method.

[0002] Here, the electronic signature represents an 
electronic signature for proving the identity of a user by 
using a key peculiar to the user. 

Background Art 

[0003] For example, in a party (or a society) where 
members are identified by membership cards, it is quite 
important for the running of the party to make it possible 
to mutually evaluate the legitimacy of the membership 
cards among the members. Recently, it has been 
attempted that a membership card is issued in the form 
of a high-security medium, such as an IC card, so as to 
be an electronic identification card which can be pos- 
sessed only by a member, or issued as a member reg- 
ister certificate (electronic identification card) or an 
electronic ticket, which is difficult to be forged, using an 
electronic signature technique. 
[0004] The member register certificate, the electronic ticket or the like (referred to as "member register certificate" for convenience in the following description) is required to make it possible not only to evaluate genuineness of the contents, but also to correctly confirm that a person using the member register certificate is a genuine member. Therefore, it has been carried out, using an electronic signature which can be produced only by the genuine member, to confirm whether the member register certificate is forged, or whether a person having the member register certificate is a right member.

[0005] In the electronic signature, an encryption technique based on a public key system is normally utilized. Specifically, a given member register organization executes electronic signatures using its own secret key (signature key), and distributes a public key (confirmation key) corresponding to the signature key to all the members. When authenticating the electronic signature, each member confirms the electronic signature using the confirmation key.

[0006] Since the confirmation key itself does not include information showing that it is a legitimate public key of the member register organization, it is necessary to confirm the legitimacy of the confirmation key separately in advance.

[0007] In the foregoing public key system, one of the grounds for security relies on the large calculation amount upon decoding. Accordingly, it leads to lowering of the security to continue using the same signature key and confirmation key over a long period of time, so that it is preferable to update each key at every given time period. Therefore, in general, it has been that the signature key can be updated periodically and, thereupon, each member can obtain the confirmation key updated synchronously with the updating of the signature key.
[0008] As a means for procuring the updated confirmation key, it is considered that the member register organization distributes the new confirmation key to all the members simultaneously. It is also considered to register the new confirmation key at a given public key certificate issuing center.

[0009] In the latter case, the public key certificate issuing center signs signature object data using its own secret key (center secret key) to obtain a public key certificate, and properly distributes this public key certificate to the members. The members distributed with it confirm the electronic signature using a public key (center public key) of the public key certificate issuing center notified in advance.

[0010] When a certain member wishes a third party to confirm a member register certificate of his/her own, the member acquires a public key certificate and attaches the acquired public key certificate to the member register certificate. This makes it possible at the side confirming an electronic signature to easily confirm the legitimacy of a new public key of the member register organization.

[0011] The public key certificate is not necessarily always attached to the electronic signature, and it is sufficient to attach it only once when a signature key and a confirmation key are updated.
[0012] When a certain member transmits a member register certificate to another member through on-line, it may be omitted to attach a public key certificate for reducing the data amount upon the transmission. In this case, the public key certificate is acquired at the side of a receiver member.

[0013] In any case, when using a public key certificate, it is necessary for a member utilizing a member register certificate or a member confirming the member register certificate to access the public key certificate issuing center so as to obtain the public key certificate every time a confirmation key is updated.

[0014] As described above, when the signature key is updated, any of the following actions is carried out between the member register organization and the member or between the members:

(1) The member register organization distributes a new confirmation key to all the members;

(2) When a certain member first uses a member register certificate, a public key certificate is acquired and attached;

(3) A public key certificate is properly acquired at the side of a member confirming an electronic signature.
[0015] However, in the foregoing three cases, the following problems are caused, respectively:
[0016] In the case (1), when the member register organization performs a key updating process, since all the users simultaneously access the member register organization to acquire a new confirmation key, corresponding processes are concentrated to a system provided at the side of the member register organization so that an operation of the system may become unstable. Particularly, when the number of the members is quite large, it is necessary to stop issuance of member register certificates after the updating of the key until the new key has been distributed to all the users.
[0017] In the case (2), the data amount upon transmission/reception is increased, and a time for acquiring the public key certificate is additionally required. Further, if the public key certificate is forged, a false center public key is distributed, and thus, the risk relies on security of a center public key in the public key certificate issuing center.
[0018] In the case (3), a member confirming an electronic signature, for example, a member which offers some service after confirming a member register certificate of a certain member, acquires a public key certificate after reception of the member register certificate of the certain member. Therefore, when the certain member first requests confirmation of the member register certificate after the updating of the key, the other member has to limit the offering of service until acquiring the public key certificate and confirming the member register certificate. For on-line accessing the public key certificate issuing center or the member register organization to immediately acquire the public key certificate, the communication cost increases correspondingly.
[0019] As described above, there have been such disadvantages that an operation of some of the systems is adversely affected or the service utilization by the members is limited every time the signature key is updated.
[0020] It is an object of the present invention to provide an electronic signature key control method with no such disadvantages, and a system suitable for carrying out such a key control method.

Disclosure of Invention

[0021] A key control method of the present invention which accomplishes the foregoing object is characterized by preparing a plurality of keys whose contents are updated periodically at mutually different times; switching the plurality of keys one by one per switching cycle shorter than an updating cycle of each key; and using the switched key as a signature key for electronic signature. It is effective for facilitating the key updating that the foregoing switching cycles are set to, for example, the same time length with respect to all the keys.
[0022] Another key control method of the present invention is characterized by dividing an updating period of each of a plurality of keys, whose contents are updated periodically at mutually different times, into three periods; setting first and third divided periods as preliminary periods and an intermediate divided period as a use period for using as a signature key for electronic signature; and switching the use periods of the respective keys so as to continue in time with each other but not to overlap with each other.
[0023] Another key control method of the present invention is characterized by preparing a first key updated periodically and a second key updated periodically at different times as compared with the first key; using either of the first and second keys as a signature key for electronic signature by alternately switching them per switching cycle shorter than an updating cycle of each key; making public in pair a third key which is updated synchronously with an updating time of the first key and becomes a confirmation key when the first key is the signature key, and a fourth key which is updated synchronously with an updating time of the second key and becomes a confirmation key when the second key is the signature key; and offering the third and fourth keys for confirming the electronic signature. In this case, a use termination time may be added to each of the third and fourth keys.

[0024] The foregoing updating cycle is set to no longer than a time period derived by subtracting an effective term of an electronic signature produced based on the corresponding key from an average time over which security of the corresponding key can be ensured.
[0025] Another key control method of the present invention comprises a step of preparing M (M represents a natural number greater than one) signature keys updated periodically at mutually different times, and making public M confirmation keys at the same time, the M confirmation keys updated synchronously with updating times of the signature keys, respectively; a step of executing an electronic signature with respect to given signature object data by selecting one of the prepared M signature keys per cycle shorter than an updating cycle of the corresponding signature key in a given order; and a step of confirming the electronic signature using one of the M confirmation keys made public.
[0026] Each of the foregoing key control methods can be carried out by an electronic signature key control system comprising a key holding means for holding a plurality of keys to be used as signature keys for electronic signature; a key updating means for cyclically updating the contents of the plurality of keys at mutually different times; and a signature means for reading out the key, whose contents were updated by the key updating means, from the key holding means according to a given rule, and executing an electronic signature with respect to given signature object data using the read-out key as the signature key.
[0027] A key control system comprising a key holding means for holding a first key and a second key which are used as signature keys for electronic signature; a key updating means for updating the contents of the first key and the second key in the same cycle at mutually different times; and a signature means for reading out the key, whose contents were updated by the key updating means, from the key holding means according to a given rule, and executing an electronic signature with respect to given signature object data using the read-out first or second key as the signature key, is also preferable for carrying out each of the key control methods of the present invention.

[0028] It is preferable that the foregoing key control system further comprises a key holding means for holding a third key which is updated synchronously with the first key and becomes a confirmation key when the first key is the signature key, and a fourth key which is updated synchronously with the second key and becomes a confirmation key when the second key is the signature key, wherein when the electronic signature is carried out using the first or second key, the third and fourth keys are made public at the same time.
[0029] The present invention further provides an electronic signature authentication system which, upon receiving an electronic signature and confirmation keys, can judge whether the electronic signature in question is legitimate.

[0030] This authentication system is characterized by 
comprising a signature receiving means for receiving an 
electronic signature produced with one of M (M repre- 
sents a natural number greater than one) signature 
keys, and M confirmation keys which are updated syn- 
chronously with updating the M signature keys including 
the signature key used for the electronic signature; and 
a signature confirming means for confirming the 
received electronic signature with one of the M confir- 
mation keys, wherein the electronic signature confirmed 
by the signature confirming means is judged to be legit- 
imate. 

[0031] It may be arranged that the signature receiving means receives a plurality of electronic signatures produced with signature keys, updated at different times, of M signature keys, and M confirmation keys which are updated synchronously with updating the M signature keys including the signature keys used for the electronic signatures. When the confirmation is achieved by this authentication system, it is easily seen that the electronic signature in question is produced at least at the key control system of the present invention.

Brief Description of Drawings 

[0032]

Fig. 1 is a schematic structural diagram of a membership system to which the present invention is applied, Fig. 2 is a procedure explanatory diagram showing a delivery sequence of keys etc., Fig. 3 is a sequence chart showing the simplest example of a key updating schedule, Fig. 4 is a sequence chart showing a key updating schedule example wherein cycles change, Fig. 5 is a sequence chart showing another key updating schedule example wherein cycles change, Fig. 6 is a sequence chart showing a key updating schedule example wherein five keys are used, Fig. 7 is a block diagram showing a structural example of a key control system of the present invention, Fig. 8A is a detailed block diagram of an information processing control section in the key control system, Fig. 8B is a detailed structural diagram of a data file device, Fig. 9 is a block diagram showing an operation manner of a membership system, Fig. 10 is a procedure explanatory diagram for key delivery and key updating in the membership system of Fig. 9, Fig. 11 is a procedure explanatory diagram for mutual authentication between members in the membership system of Fig. 9, Fig. 12 is a procedure explanatory diagram for mutual authentication between members in the membership system of Fig. 9, Fig. 13 is a block diagram showing an operation manner of another membership system, and Fig. 14 is a sequence chart showing a key updating schedule example in the membership system of Fig. 13.

Best Mode for Carrying Out the Invention

[0033] First, a membership system applied with the 
present invention will be schematically explained. 

[0034] In this membership system, for example, a plurality of member operating systems which are operable only by members, a member register system provided at a member register organization which controls the members, and a public key certificate issuing center are mutually connected in a two-way communicable fashion, for example, non-shown communication means are connected via a public network, so as to carry out key distribution through authenticated communication. However, if the authenticated communication is possible between each member operating system and the member register system, the open key certificate issuing center is not necessarily required.
[0035] Although a common key system, i.e. a system where a signature key and a confirmation key are the same key, may also be used in the authenticated communication, it is assumed for convenience in the following description that the foregoing public key system is used.

[0036] The member register system has a function of performing a member registration in response to member registration request information from each member, a function of issuing a member register certificate to each registered member using a secret key (i.e. signature key) of its organization, a function of updating the signature key periodically, and a function of producing and updating a public key (i.e. confirmation key) corresponding to the signature key. These functions will be described later in detail.
[0037] The public key certificate issuing center produces an electronic signature with its own secret key (center secret key), using a name of the member register organization, the confirmation key produced at the member register system, and other information (signature algorithm, effective term of signature, etc.) as signature object data, holds it as a public key certificate and properly issues the public key certificate in response to a request from each member.
[0038] Each member operating system acquires the confirmation key directly from the member register system or via the public key certificate issuing center, and applies for a member registration. When acquiring the confirmation key via the public key certificate issuing center, a process of confirming the public key certificate with a public key (center secret key) of the public key certificate issuing center is required.
[0039] In the following description, the member operating system will be referred to as "member", the member register system as "member register organization" and the public key certificate issuing center as "center", except for a case wherein it is necessary to show the system structure or its constituent components.
[0040] Fig. 1 is a diagram schematically showing the state of delivery and reception of keys and other electronic information carried out among the member register organization, the members and the center. A portion associated with the center CA is shown by broken lines, meaning that, as described before, it is not essential but used in this example.

[0041] In Fig. 1, "SkT1" and "SkT2" represent signature keys before and after updating, "PkT1" and "PkT2" represent confirmation keys, "SkCA" represents a center secret key, "PkCA" represents a center public key, "CERT" represents a public key certificate, and "L1, L2" are member register certificates issued to the members U1 and U2. An electronic signature with the signature key (SkT1, SkT2) is executed upon issuing the member register certificate. In the description hereinafter, the issuance of the member register certificate is synonymous with the electronic signature.
[0042] A delivery sequence for the keys etc. in Fig. 1 is as shown in Fig. 2.

[0043] It is assumed that each of the members U1 and U2 acquires in advance the center public key PkCA and can confirm the public key certificate upon acquisition thereof.

[0044] First, the signature key SkT1 and the confirmation key PkT1 are prepared at the member register organization T (step S101). The confirmation key PkT1 is registered at the center CA (steps S102 and S103). After acquiring the public key certificate CERT (PkT1) from the center CA (step S104), the member U1 applies for a member registration to the member register organization T. In this event, the member U1 sends out its own confirmation key (PkU1) (step S105). With respect to the confirmation key (PkU1) of the member and other information, the member register organization T issues the member register certificate L1 using the signature key SkT1 (step S106).

[0045] After a lapse of a given time, the member register organization T updates the signature key SkT1 to the signature key SkT2 (step S107). Then, the confirmation key PkT2 corresponding to the signature key SkT2 after the updating is re-registered at the center CA (steps S108 and S109).

[0046] After acquiring the public key certificate CERT (PkT2) from the center CA (step S110), the member U2 applies for a member registration to the member register organization T. In this event, the member U2 sends out its own confirmation key (PkU2) (step S111). With respect to this application for the member registration, the member register organization T issues the member register certificate L2 using the signature key SkT2 (step S112). Thereafter, the members U1 and U2 carry out mutual authentication based on the member register certificates L1 and L2 (step S113).
[0047] When the keys etc. are delivered as described above, at least the following are required to be carried out:

(1) The member register organization T periodically updates the signature key SkT and the confirmation key PkT without stopping the issuance of the member register certificate;

(2) The member register certificate L1 issued using the signature key SkT1 and the member register certificate L2 issued using the signature key SkT2 are correctly confirmed through off-line between the members U1 and U2;

(3) Upon confirming the member register certificates L1 and L2, an operation of transmitting additional information, for example, the public key certificate CERT (PkT), to the side of a counterpart is omitted.

[0048] The key control method of the present invention carried out at the member register organization T for solving them will be described hereinbelow.
[0049] First, an example is cited as the simplest example, wherein one of two keys is set as a main key and the other as an auxiliary key, and either of them is used as a signature key for electronic signature by switching them according to a given rule, and further, two confirmation keys corresponding to the two signature keys are used in pair for confirming the electronic signature. That is, a main key and an auxiliary key are prepared for each of the signature key SkT and the confirmation key PkT. Hereinbelow, when it is necessary to distinguish between the main key and the auxiliary key, the signature key SkT as the main key will be referred to as "signature main key", the signature key SkT as the auxiliary key as "signature auxiliary key", the confirmation key PkT as the main key as "confirmation main key", and the confirmation key PkT as the auxiliary key as "confirmation auxiliary key".
[0050] The keys are periodically updated at mutually different times. Updating cycles are not necessarily the same in time length. An average time period for safe use (safe use term) is set in each key, and an updating cycle of the key is set to no greater than a time period derived by subtracting an effective term of an electronic signature produced based on the corresponding key from a safe use term of the corresponding key. This aims to ensure the security of the key by updating it before decoding thereof. The setting of the safe use term can be carried out by adjusting a security parameter of the key, such as a length of the key. The effective term of an electronic signature is equal to or shorter than a period which is the shorter of a first divided period and a last divided period.
[0051] Fig. 3 is a diagram concretely showing an updating schedule of each key. Since a relationship between the main key and the auxiliary key is common to the signature key SkT and the confirmation key PkT, it is shown with respect to only one of them. Here, for convenience, update object periods of the two keys are both set to one year, safe use terms thereof are both set to five years and updating cycles thereof are all set to four years, and each key is used as an auxiliary key in the first one year and the last one year and as a main key in the intermediate two years. In the figure, "a0", "a1", "a3" and "a4" represent the contents (values) of the keys, respectively.

[0052] In the example of Fig. 3, a use period of one of the keys continues in time with a use period of the other key, and both use periods do not overlap with each other. Further, the sum of the periods as the auxiliary key is set equal in time length to the use period, and moreover, the first one year as the main key and the last one year as the auxiliary key before updating are set to coincide with each other, and the last one year as the main key and the first one year as the auxiliary key after updating are set to coincide with each other. This is mainly for considering easiness of the key control.
[0053] The key updating is carried out at a start point of the last one year while one of the keys continues to be the main key. Then, the use period of the updated key is started at a time point of termination of the use period of the one of the keys.

[0054] A combination of the contents of the main key and the auxiliary key in each of the update object periods differs from that in another period. Specifically, it is a0 and a1 in a certain update object period while a1 and a0 in another update object period, or a1 and a2, ...
[0055] When the foregoing key updating is applied to the signature key (SkT), the corresponding confirmation key (PkT) is also updated. The signature main key is used for producing an electronic signature, i.e. for issuing a member register certificate, while either of the confirmation main key and the confirmation auxiliary key is used for confirming the electronic signature, i.e. for confirming the member register certificate. Despite the foregoing switching, each key can be used as a signature key.

[0056] An effective term of the member register certificate, issued using the signature main key while the key updating is executed according to the foregoing schedule, becomes one year, i.e. one period. Accordingly, as described before, if the two members U1 and U2 mutually confirm the member register certificates L1 and L2, they were issued in the same period or in the periods offset only by one. In case of member register certificates issued in the periods offset by two, an effective term of one of them has expired. Each of the members having the member register certificates whose effective terms overlap with each other, can confirm the member register certificate of the other member using either of the confirmation main key and the confirmation auxiliary key.

[0057] It is possible to add a use termination time to the confirmation main key and the confirmation auxiliary key so that, when confirming a member register certificate of another member, a member is prevented from using the key exceeding the use termination time. This makes it possible to easily deal with unjust alteration carried out through decoding of the key exceeding the use termination time.

[0058] In the example of Fig. 3, the updating cycles of the two keys are all set to four years. However, as shown in Figs. 4 and 5, the key control method of the present invention can be carried out even when updating cycles of two keys A and B are not constant, respectively.

[0059] For example, in a key updating schedule exam- 
ple of Fig. 4, the updating cycles of the keys A and B 
change, though periodically, as 5 years, 6 years, 5 
years, 6 years, ... In this example, like in the example of 
Fig. 3, while one of the keys is used as a main key the 
other key becomes an auxiliary key However, it differs 
in that use periods of each key are not constant. Specif- 
ically the use periods may be two years in five years 
and three years In five years. However, even In this 
case, the key updating can be smoothly earned out by 
updating one of the keys while the other key continues 
to be a main key and by starting a use period of the 
updated key (which Is an auxiliary key up to then) at a 
time point of termination of the use period of the other 
key Further, by setting safe use terms of the respective 
keys to be longer than the foregoing updating cycles 
and by setting an effective term of the electronic signa- 
ture to be no longer than one year from a time point 
when it can be used as the signature main key the 
security upon using the key can be ensured. Also in this 
case, the confirmation main key and the confirmation 
auxiliary key are made public in pair, and the electronic 
signature can be confirmed using either of the paired 
confirmation keys. 

[0060] In a key updating schedule example of Fig. 5, 
updating cycles of a key A change as 5 years, 6 years. 
5 years. 6 years. .... while updating cycles of a key B 
change as 5 years, 5 years. 6 years. 6 years, ... Also in 
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this case, by executing the key updating according to a 
rule like the above and by alternately switching between 
a main key and an auxiliary key, effects similar to those 
in the examples of Figs. 3 and 4 can be expected. 
[0061] In the foregoing exanples, two keys are pre- s 
pared for each of signature and confirmation. However, 
the key control method of the present invention can be 
carried out even in a case of more than two keys. For 
example, Fig. 6 shows a key updating schedule exam- 
ple wherein five keys are used. io 
[0062] In the example of Fig. 6, for convenience, five 
keys A to E are alt updated per cycle of five years and 
alternately swrtched to main keys per year, respectively. 
Specifically, periods of each key to be used as an auxil- 
iary key are two years before and after a use period 
(one year), respectively. If a safe use term of each of the 
keys A to E is set to no shorter than seven years, an 
effective term of an electronic signature can be set to 
two years at maximum, which is longer than the effec- 
tive term (no longer than one year) in the example of 
Fig. 3 (the number of keys is two). 
[0063] In the key updating schedule example of Fig. 6, 
the number of confirmation keys simultaneously made 
public for confirmation after producing the electronic 
signature is five at maximum. Like in the example of Fig.
3, the electronic signature can be confirmed using any
one of the five confirmation keys. As described before, 
the updating cycles of each of the keys A to E are not 
necessarily the same in time length. 
[0064] Now, a key control system for carrying out the 
foregoing key control methods will be described. 
[0065] The key control system is provided independ- 
ently or dispersedly at the individual systems of the 
membership system, for example, at the foregoing 
member register organization T. As shown in Fig. 7, the
key control system comprises an arithmetic processing
device 1, a display output device 2, a data input/output
device 3, a communication network connecting device
4, an information processing control section 5, a data
file device 6, a time control device 7 and a key producing
device 8.

[0066] The arithmetic processing device 1 is a kind of 
a computer which realizes required functions by execut- 
ing a program stored in a non-shown external storage 
device or ROM. The display output device 2 is a display 
for visualizing the results of processing by the arithmetic 
processing device 1 etc. The data input/output device 3 
includes a mouse, other pointing devices, a keyboard, 
an external storage device and interfaces between 
them. The communication connecting device 4 controls 
communications between various members and the 
center CA. The time control device 7 is a timer, and the 
key producing device 8 is a device for producing keys. 
[0067] The information processing control section 5 is 
a functional block which is formed, for example, when 
the arithmetic processing device 1 reads and executes 
the foregoing program. As shown in Fig. 8(a), the information
processing control section 5 comprises a timing
assigning section 51 for assigning a timing of mode
updating, an updating section 52 for carrying out the
mode updating, a switching section 53 for switching
between a main key and an auxiliary key, an exchanging
section 54 for exchanging the key contents of the main 
key and the auxiliary key, a producing section 55 for 
executing an electronic signature, and a transmitting 
section 56 for transmitting the electronic signature, the 
main key and the auxiliary key to the exterior. 
[0068] The timing assigning section 51 outputs a tim- 
ing for selectively applying a mode A for transferring the 
key contents of one divided period to a subsequent 
divided period and a mode B for exchanging the key
contents mutually upon shifting from a prior divided 
period to a subsequent divided period. 
[0069] In the key updating schedule example of Fig. 3,
the mode B is applied upon shifting to the second year
after a lapse of one year so that the key contents a0 and
a1 are exchanged between the main key and the auxiliary
key. The mode A is applied upon shifting to the third
year after a lapse of two years, wherein the key contents
a1 of the main key are succeeded while the key contents
a0 of the auxiliary key are updated to "a2". Since
the mode A and the mode B are applied cyclically, a
cycle until the mode B is applied after the mode A may
be referred to as "cycle A", while a cycle until the mode
A is applied after the mode B may be referred to as
"cycle B" in the description hereinbelow.
[0070] The updating section 52 carries out the forego- 
ing mode switching and stores a mode flag (cycle A/B) 
representing a current cycle in the data file device 6 so 
as to be referred to upon subsequent mode updating 
(cycle switching). The switching section 53 switches 
between the main key and the auxiliary key with respect
to the keys for each of signature and confirmation. The 
exchanging section 54 exchanges the key contents for 
new ones. The producing section 55 executes, using the 
signature main key, an electronic signature with respect 
to signature object data designated per signature pro- 
ducing request. 

[0071] As shown in Fig. 8(b), the data file device 6 
stores therein a mode flag 61, a confirmation main key
62, a signature main key 63, a confirmation auxiliary key
64 and a signature auxiliary key 65. The member register
organization T holds the confirmation main key 62
and the confirmation auxiliary key 64 because there is a
chance that the confirmation keys are directly distributed
to the members, not via the center CA.
[0072] Now, an operation manner of a membership
system utilizing the foregoing key control system will be
described. 

[0073] As schematically shown in Fig. 9, the member- 
ship system is constituted by connecting a ticket selling 
organization B, a user member U and a service offerer I 
being members, respectively, to a member register 
organization T via a communication network. Although
the key control system of the present invention is provided
at the member register organization T, it may also
be arranged that the other members are also provided
therewith. It is assumed that each member is capable of 
at least authenticated communication using an encryp- 
tion technique. 

[0074] An operation procedure of the membership 
system is as shown in Figs. 10 to 12.

(1) Member Registration

[0075] Referring to Fig. 10, the member register 
organization T first sets a date to carry out key updating 
(for example, January 1 every year). Further, the member
register organization T prepares the confirmation
main key PkTm 62, the signature main key SkTm 63,
the confirmation auxiliary key PkTs 64 and the signature
auxiliary key SkTs 65, and sets the mode flag 61 to
"cycle A" (step S201).

[0076] The user member U prepares its own signature 
key SkU and confirmation key PkU, and transmits mem- 
ber registration request information including the confir- 
mation key PkU and member information IdU such as a 
user name to the member register organization T (step 
S202). 

[0077] In the member register organization T, the confirmation
key PkU is extracted from the transmitted
member registration request information, and signature 
object data is obtained by adding an effective term Elu 
to the confirmation key PkU at the producing section 55 
of the key control system. Then, the member register 
organization T signs the signature object data using the 
signature main key SkTm and issues a member register 
certificate Lu. Thereafter, the transmitting section 56 
transmits the member register certificate Lu together 
with the effective term Elu, the confirmation key PkU,
the member information IdU and the foregoing confir- 
mation main key PkTm 62 and confirmation auxiliary 
key PkTs 64 to the user member U (step S203). 
[0078] The member register organization T can 
receive a member registration request at any time and 
issues the member register certificate Lu which is effec- 
tive for one year from a date of a member registration. 
[0079] Similarly, the ticket selling organization B and 
the service offerer I also request member registrations
and receive member register certificates Lb and Li. 
[0080] When the first key updating date (January 1)
comes, the member register organization T refers to the
mode flag 61 and updates the current cycle A to the
cycle B at the updating section 52 (step S204). Subsequently,
the switching section 53 switches between the
main key and the auxiliary key (step S205).
[0081] When the second key updating date (January
1 next year) comes, the member register organization T
updates the current cycle B to the cycle A at the updating
section 52 (step S206). Subsequently, new keys produced
at the key producing device 8 are kept as
auxiliary keys at the exchanging section 54 (step S207).
These are repeated by one more cycle in four years
being an updating cycle (steps S208 to S211).



[0082] It is preferable in view of the security that the
distribution of the confirmation keys (transmission of the
confirmation main key PkTm 62 and the confirmation
auxiliary key PkTs 64) to the user member U, the ticket
selling organization B and the service offerer I includes
off-line processes. For example, also by using a method
of handing over upon meeting, mailing, sending by facsimile
or the like, more security is ensured. If carrying
out only the on-line transmission, some kind of authenticated
communication is required.

[0083] When using a public key certificate of the 
center CA, since the normal public key certificate 
includes only one confirmation key being a public key,
there are a method of modifying a format of public key
certification to include two public keys and a method of
using two public key certificates. This makes it possible
to utilize the public key certificate of the center CA.

(2) Registration of Service Offer Information 

[0084] Referring to Fig. 11, the service offerer I transmits
item information depending on necessity, such as
service offer guarantee information C, a confirmation
key PkB of the ticket selling organization B, an effective
term Ec of the service, an issue consecutive number Rc
of a ticket, member information IdI and the service contents/amounts
of money, to the ticket selling organization
B (step S301). These are information which
enables the service offerer I to confirm, after the fact,
the genuineness of a ticket sent after the fact. By registering
such information in advance at the ticket selling
organization B, there is a merit that when the user member
U commits double uses of the ticket or the ticket selling
organization B commits an unjust thing, it can be
detected before service offering.

(3) Sale of Ticket 

[0085] When mutually confirming the member register
certificates Lu and Lb between the user member U and
the ticket selling organization B, the following procedure
is carried out:

[0086] The user member U first transmits the member 
register certificate Lu, the confirmation key PkU, the
effective term ElU and a challenge (authentication
request) to the ticket selling organization B (step S302).
Here, the challenge is used as an example of the 
encryption technique/signature technique. 
[0087] The ticket selling organization B tries both of
the confirmation main key PkTm and the confirmation
auxiliary key PkTs held by itself, on the member register
certificate Lu etc. sent from the user member U (step
S303). It does not matter which of the member register
certificate Lu of the user member U and the member
register certificate Lb of the ticket selling organization B
was issued earlier, or whether the member register
organization T updated the signature key between the
prior issuance and the later issuance. As long as the
member register certificates Lu and Lb are both effective,
the signature can be confirmed using either of the
confirmation keys. It is not necessary to go to the public 
key certificate issuing center CA to obtain the public key 
certificate, or transmit it from the user. If the signature is 
confirmed by either of the confirmation keys, the proce- 
dure advances to a subsequent step. If not confirmed, 
since this means that the member register certificate Lu 
is not effective, sale of a ticket is refused (step S304:
No, step S305).

[0088] Then, the ticket selling organization B transmits 
a signature, which was produced using a signature key 
SkB of the ticket selling organization B with respect to 
its own member register certificate Lb, the confirmation
key PkB, an effective term EIB and the challenge
sent from the user member U, to the user member U
(step S306).

[0089] The user member U tries both of the confirma- 
tion main key PkTm and the confirmation auxiliary key 
PkTs held by itself, on the member register certificate 
Lb sent from the ticket selling organization B (step 
S307). If the signature is confirmed by either of the con- 
firmation keys, the procedure advances to a subsequent 
step. If not confirmed, since this means the member 
register certificate Lb to be non-effective and there is a
possibility of a false ticket selling organization, the purchase
is stopped (step S307: No, step S308).
[0090] When the member register certificate Lb is 
confirmed, the user member U confirms the signature of 
the ticket selling organization B relative to the challenge 
sent by itself, using the confirmation key PkB of the 
ticket selling organization B. If confirmed, the procedure 
advances next. It has been confirmed that the confirma- 
tion key PkB is a genuine public key of the ticket selling 
organization B, by confirming the member register certificate
Lb of the ticket selling organization B.
[0091] The user member U transmits information H 
about a ticket to be purchased, attached with an electronic
signature produced by the signature key of the
user member U relative to ticket information and a challenge
produced by the ticket selling organization B, to
the ticket selling organization B so as to apply for a purchase
of the ticket (step S309).
[0092] The ticket selling organization B confirms the 
ticket information and its electronic signature sent from 
the user member U, using the confirmation key PkU of 
the user member U (step S310). If the ticket information 
and its electronic signature are confirmed, the procedure
advances to a subsequent process (step S311:
Yes). If not confirmed, since this means that one other
than a legitimate holder of the member register certificate
Lu applies for the purchase, or that data is altered
during communication, the sale of the ticket is refused
(step S311: No, step S312).

[0093] The ticket selling organization B produces
ticket signature information F with respect to signature
object data including the confirmation key PkU of the
user member U, the service offer guarantee information
C, the effective term Ec, the issue consecutive number
Rc, the member information IdI, a ticket sale consecutive
number Rf of the ticket selling organization B, and a
ticket effective term Ef. Since the ticket signature information
F should take a different value per ticket, the signature
object data includes the ticket sale consecutive
number Rf. Thereafter, the member register certificate
Li of the service offerer I, a confirmation key PkI, an
effective term Eli, the ticket sale consecutive number Rf,
the ticket effective term Ef and the ticket signature information
F are transmitted to the user member U (step
S313).

[0094] The user member U checks the member register
certificate Li of the service offerer I using the confirmation
keys PkT of the member register organization T.
If the member register certificate Li is confirmed, the
user member U confirms the foregoing service offer
guarantee information C using the confirmation key PkI
of the service offerer I and further confirms the foregoing
ticket signature information F using the confirmation
key PkB of the ticket selling organization B. If the ticket
signature information F etc. are confirmed, the user
member U pays a charge $ (step S314).

(4) Use of Ticket

[0095] Referring to Fig. 12, the user member U transmits
the member register certificate Lu, the confirmation
key PkU, the effective term Elu and a challenge to the
service offerer I (step S401).

[0096] The service offerer I, like the ticket selling
organization B, confirms the member register certificate
Lu of the user member U (step S402). If confirmed, the
service offerer I transmits the member register certificate
Li of the service offerer I, an electronic signature
relative to the challenge, and a challenge to the user
member U (step S403: Yes, step S405).
[0097] The user member U also confirms the member
register certificate Li of the service offerer I and the
electronic signature of the challenge (step S406). If confirmed
(step S407: Yes), the user member U produces,
using its own signature key, an electronic signature with
respect to the ticket signature information F, the confirmation
key and the challenge of the service offerer I, i.e.
with respect to user signature information S, the member
register certificate Lb, the confirmation key PkB, the
effective term Elb, the ticket signature information F, the
ticket sale consecutive number Rf, the effective term Ef,
the service offer guarantee information C, the issue
consecutive number Rc, the effective term Ec and the
member information IdI, and transmits it to the service
offerer I (step S407: Yes, step S409).
[0098] The service offerer I confirms the service offer
guarantee information C, the ticket signature information
F, the user signature information S and the ticket
effective terms Ef and Ec, and further confirms whether
the ticket has been used. If confirmed, an offer of the
service is started (step S410). If the results of the
mutual authentication between the service offerer I and
the user member U are negative, the service offer or the
application is stopped (step S403: No, step S404, step
S407: No, step S408).

(5) Assignment of Ticket 

[0099] Through the following procedure, transfer of a 
ticket can be carried out between members.
[0100] A member U1 delivers a ticket with a signature 
indicative of transfer certification to a member U2. The 
member U2 transmits the ticket and the transfer certifi- 
cation to the service offerer I. The service offerer I con- 
firms the ticket and the transfer certification and offers a 
service to the member U2. 

[0101] While running the membership system, there 
arises a case wherein it becomes necessary to confirm 
by other than the foregoing ticket selling organization B 
or ticket offerer I whether a member register certificate 
presented by the user member U is issued from the 
member register organization T, or whether an electronic
signature is legitimate. In this event, the legitimacy
of the member register certificate in question is
confirmed using an authentication system of the
present invention.

[0102] The authentication system is provided with a first confirming
section which receives an electronic signature
and a plurality of confirmation keys and confirms the 
contents thereof, and a second confirming section 
which confirms the received electronic signature with 
one of the plurality of confirmation keys. If confirmed at 
the second confirming section, it is determined that the 
electronic signature is legitimate. These confirming sec- 
tions are, for example, functional blocks formed in a 
computer when the computer reads and executes a 
given program. 

[0103] The received electronic signature may be produced
by one of signature keys updated at different
times. 

[0104] Referring now to Fig. 13, another structural
example of a membership system will be shown. 
[0105] Although the basic operation is the same as 
that of the membership system of the structure shown in 
Fig. 9, the key control systems of the present invention 
are provided not only at the member register organiza- 
tion T but also at the ticket selling organization B in this 
example. Further, in the membership system of the 
structure shown in Fig. 9, the ticket selling organization
B has a pair of keys, while, in this example, issuance of
a member register certificate L is requested using two
pairs of keys. 

[0106] Specifically, in the ticket selling organization B, 
two signature keys for ticket (SkBm/SkBs: hereinafter 
"ticket signature keys") are prepared as a main key and 
an auxiliary key, which are updated, for example, 
according to the key control schedule as shown in Fig.
3.

[0107] Updating timings of the member register certificate
L and updating timings of each ticket signature key
are not necessarily set the same with each other, but 
may be set the same with each other. However, it is nec- 
essary that each ticket signature key has an effective 
term equal to or longer than an effective term of the 
member register certificate L. 
[0108] Here, such ticket signature keys are used each
having the same updating timings as the member register
certificate L and an effective term of the same time
length as the member register certificate L. For exam- 
ple, it is assumed that a member registration is exe- 
cuted on April 1 and updated per year. 
[0109] When an effective term Elb of a member register
certificate Lb of the ticket selling organization B has
expired, the ticket selling organization B sends its own
confirmation keys PkBm/PkBs at that time to the member
register organization T to request issuance of a new
member register certificate Lb. 
[0110] Upon depositing service offer guarantee information
C at the ticket selling organization B, the service
offerer I acquires the member register certificate Lb of
the ticket selling organization B, the confirmation keys
PkBm/PkBs and the effective term Elb. An effective
term Ec of the service offer guarantee information C is 
set to, for example, no longer than one year after the 
issuance. If the signature of the member register certifi- 
cate Lb is confirmed, the member register certificate Lb, 
the confirmation keys PkBm/PkBs and the effective 
term Elb are kept. 

[0111] Upon purchasing a ticket, the user member U
acquires the member register certificate Lb of the ticket
selling organization B. It is one of the merits to provide
the key control system of the present invention at the
ticket selling organization B that it is not necessary to
keep the acquired member register certificate Lb of the
ticket selling organization after confirming the ticket.
[0112] The user member U transmits the ticket to the
service offerer I. Here, the user member U transmits the
service offer guarantee information C, ticket signature
information F, user signature information S, a member
register certificate Lu, the effective term Ec, an issuance
consecutive number Rc, member information IdI, a
ticket sale consecutive number Rf, an effective term Ef,
a confirmation key PkU and an effective term Elu.
[0113] Even in a case where the key of the service 
offerer I is updated after the service offerer I acquires 
the member register certificate Lb of the ticket selling 
organization B and before the user member U acquires 
the signature of the ticket selling organization B, since 
the member register certificate Lb can be confirmed 
with either of the main key and the auxiliary key of the
ticket selling organization B, it is not necessary to carry 
out a process of acquiring the key again. 
[0114] Now, the key updating schedule will be
described. 

[0115] Also in this case, the member register organization
T updates each key per year. As described
before, the member register organization T produces a
key, effective for five years, every two years. This key is
used as an auxiliary key in the first and last periods, i.e. 
in the periods of the first and fourth years, and as a main 
key in the intermediate two periods, i.e. in the periods of 
the second and third years. In this case, the effective 
term of the member register certificate is set to one year 
or less than one year. The ticket selling organization B 
updates the keys at different timings as compared with 
the member register organization T. In this case, the
cycle is the same, i.e. one year. An effective term of the
ticket signature information F is set to one year or less 
than one year. 

[0116] The member register organization T and the 
ticket selling organization B register the updated keys, 
respectively. This is for substituting for authenticated 
communication. With this arrangement, the user mem- 
ber U and the service offerer I can acquire the keys of 
the member register organization T and the ticket selling
organization B from the center CA when updating
the member register certificate L, registering the service
offer guarantee information C and purchasing the ticket
signature information F.

[0117] Hereinbelow, the run of actual key updating will
be described according to a schedule example of Fig. 
14. 

[0118] Here, it is the main point that the member register
certificates issued by the member register organization
T can be confirmed between the service offerer I
and the ticket selling organization B upon depositing the 
service offer guarantee information C, between the user 
member U and the ticket selling organization B upon 
purchasing the ticket and between the user member U 
and the service offerer I upon using the ticket, and that 
the ticket signature information F issued by the ticket 
selling organization B can be confirmed upon using the 
ticket. 

[0119] In Fig. 14, it is assumed that the contents of
confirmation keys PkT1 in the first period (first year) are
such that a main key is t0 and an auxiliary key is t1. In
the second period, confirmation keys PkT2 are such
that a main key and an auxiliary key are switched therebetween
and thus the main key becomes t1 while the
auxiliary key becomes t0. Further, in the third period,
confirmation keys PkT3 are such that a main key 
remains t1 while an auxiliary key has the contents t2 
newly produced. 

[0120] A member register certificate L1 of the user
member U is issued in the third period. Specifically, the
member register certificate L1 is produced by a main
key of signature keys SkT3 corresponding to the main
key t1 of the confirmation keys PkT3 in the third period.
At this time, the main key t1 and the auxiliary key t2 of
the confirmation keys PkT3 in the third period are delivered
to the user member U. Then, a member register
certificate L2 is issued in the fourth period. Specifically,
the member register certificate L2 is produced by a
main key of signature keys SkT4 corresponding to a
main key t2 of confirmation keys PkT4 in the fourth
period. At this time, the main key t2 and an auxiliary key
t1 of the confirmation keys PkTS are delivered to the
user member U.

[0121] The foregoing is also applied similarly to member
register certificates L1, L2, L3, ... of the service
offerer I and member register certificates L1, L2, L3, ...
of the ticket selling organization B.
[0122] Here, however, keys of the ticket selling organization
B are also updated according to the key control
method of the present invention. A portion with PkB1,
PkB2, ... shown beside the ticket selling organization B
in Fig. 14 represents this. The ticket selling organization
B sends confirmation keys in the form of a main key and
an auxiliary key to the member register organization T
to request issuance of a member register certificate.
[0123] Now, authentication between the user member
U and the service offerer I will be described. 
[0124] The member register certificate L2 of the user
member U has been issued with the signature key t1. Since
the service offerer I has acquired the main key t1 and
the auxiliary key t2 upon issuance of its member register
certificate L2 having an effective term overlapping
with the member register certificate L2 of the user member
U, the member register certificate L1 of the user
member U can be confirmed with the main key t1. On
the other hand, since the service offerer I has acquired
the main key t2 and the auxiliary key t1 upon issuance
of its member register certificate L2, the signature contents
of the member register certificate L1 of the user
member U can be confirmed with the auxiliary key t1.
[0125] Similarly, since the user member U has
acquired the main key t1 and the auxiliary key t2 upon
issuance of its member register certificate L1, the member
register certificate L1 of the service offerer I produced
with the main key t1 or the member register
certificate L2 produced with the main key t2 can be confirmed.
On the other hand, since the user member U
has acquired the main key t2 and the auxiliary key t1
upon issuance of its member register certificate L2, the
member register certificate L2 of the service offerer I
can be confirmed with the main key t2.
[0126] Confirmation can be similarly carried out
between the service offerer I and the ticket selling
organization B and between the user member U and the
ticket selling organization B.

[0127] As described above, the issuance of the member
register certificate can be carried out anytime and,
as long as the mutual member register certificates L are
effective, the counterpart member register certificates L
can be confirmed anytime in any combination thereof
between the service offerer I and the ticket selling
organization B, between the user member U and the
ticket selling organization B and between the user member
U and the service offerer I, using the keys (PkTn)
held by themselves.
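
The cycle A / cycle B updating of paragraphs [0068] to [0081] and the any-combination property stated in [0127] can be checked by simulation. The Python code below is an added example, not part of the patent text: the names KeyControl, build_schedule, issue, confirm and mutual_failures are hypothetical, one divided period is assumed to be 12 months, and a signature is abstracted to the label of the key contents that produced it (no real cryptography).

```python
"""Added example: the two-key rotation (cycle A / cycle B) at key-label level.

A signature is abstracted to the label of the key contents that produced it
(a0, a1, ...); no real cryptography is performed.
"""
from dataclasses import dataclass
from itertools import count

PERIOD = 12  # months per divided period (assumption: key updating once a year)


class KeyControl:
    """State kept by the member register organization T (mode flag, main, auxiliary)."""

    def __init__(self):
        self._serial = count()          # stands in for the key producing device 8
        self.main = self._produce()     # a0
        self.aux = self._produce()      # a1
        self.mode_flag = "A"            # step S201: mode flag starts at "cycle A"

    def _produce(self):
        return f"a{next(self._serial)}"

    def update(self):
        """Run one key updating date (steps S204-S207)."""
        if self.mode_flag == "A":
            # cycle A -> cycle B: switch main and auxiliary, no new key contents
            self.main, self.aux = self.aux, self.main
            self.mode_flag = "B"
        else:
            # cycle B -> cycle A: main is succeeded, auxiliary gets new contents
            self.aux = self._produce()
            self.mode_flag = "A"


def build_schedule(periods):
    """Return [(main, aux), ...] for consecutive divided periods."""
    kc, out = KeyControl(), []
    for _ in range(periods):
        out.append((kc.main, kc.aux))
        kc.update()
    return out


@dataclass(frozen=True)
class Certificate:
    issued: int            # month of issuance
    term: int              # effective term in months
    signed_with: str       # label of T's signature main key at issuance
    held_pair: frozenset   # confirmation main + auxiliary handed over with it (S203)


def issue(schedule, month, term):
    """Issue a certificate signed with the main key of the period containing month."""
    main, aux = schedule[month // PERIOD]
    return Certificate(month, term, main, frozenset((main, aux)))


def confirm(cert, verifier_pair, now):
    """Try both held confirmation keys (S303/S307) and check the effective term."""
    effective = cert.issued <= now < cert.issued + cert.term
    return effective and cert.signed_with in verifier_pair


def mutual_failures(term, years=8):
    """Issue months (u, v) whose certificates overlap in time yet fail to confirm."""
    months = years * PERIOD
    schedule = build_schedule((months + term) // PERIOD + 1)
    failed = []
    for iu in range(months):
        for iv in range(months):
            now = max(iu, iv)                   # earliest instant both exist
            if now >= min(iu, iv) + term:       # never effective together
                continue
            u, v = issue(schedule, iu, term), issue(schedule, iv, term)
            if not (confirm(u, v.held_pair, now) and confirm(v, u.held_pair, now)):
                failed.append((iu, iv))
    return failed


if __name__ == "__main__":
    print(build_schedule(6))
    print("term 12 months:", len(mutual_failures(12)), "failures")
    print("term 24 months:", len(mutual_failures(24)), "failures")
```

With a 24-month effective term the check reports failures, for instance certificates issued in months 11 and 24, which is the reason the effective term is kept to no longer than one period in the two-key schedule.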

[0128] Now, the ticket signature information F will be
described in more detail. 

[0129] It is assumed that the ticket selling organization
B performs the key updating in order of the confirmation
keys PkB1, PkB2, ... Specifically, it carries out the key
updating according to the same rule wherein the foregoing
member register organization T updates the confirmation
keys PkT1, PkT2, ...

[0130] The service offerer I registers the service offer 
guarantee information C at the ticket selling organization
B. Upon such a registration, the service offerer I
obtains the main key and the auxiliary key of the ticket 
selling organization B. It is assumed that effective terms 
of the service offer guarantee information C and the 
ticket signature information F are set to, for example, 
one year. 

[0131] When the user member U purchases a ticket,
the ticket selling organization B produces ticket signature
information F1 using a signature key corresponding
to a main key b1 of confirmation keys PkB3. On the
other hand, the service offerer I has acquired either of
confirmation keys PkB2 and the confirmation keys PkB3
of the ticket selling organization B upon registering the
service offer guarantee information C at the ticket selling
organization B (because the effective term of the
service offer guarantee information C is one year).
There may also be a chance that the service offerer I
has acquired confirmation keys PkB4 before the user
member U uses the ticket signature information F1. In
any case, the service offerer I has any of the confirmation
keys PkB2, PkB3 and PkB4 when the user member
U uses the ticket signature information F1 and, since b1
is included in either of a main key or an auxiliary key
thereof, the signature can be confirmed.
[0132] Now, the second example where the user
member U purchases a ticket will be cited. In this case,
the ticket selling organization B produces ticket signature
information F2 using a signature key corresponding
to a main key b2 of the confirmation keys PkB4. On the
other hand, the service offerer I has acquired either of
confirmation keys PkB3 and the confirmation keys PkB4
of the ticket selling organization B upon registering the
service offer guarantee information C at the ticket selling
organization B. There may also be a chance that the
service offerer I has acquired confirmation keys PkB5
before the user member U uses the ticket signature
information F1. In any case, the service offerer I has any
of the confirmation keys PkB3, PkB4 and PkB5 when
the user member U uses the ticket signature information
F1 and, since b2 is included in either of a main key or an
auxiliary key thereof, the signature can be confirmed.
[01 33] As described above, by updating the signature 
keys of the ticket selling organization B, the service 
offerer I can confirm anytime the signature F issued by 
the ticket selling organization B relative to tiie user 
member U. 
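The following is an added sketch, not part of the patent text, of the two-key schedule from the abstract with the period relations of claims 4 to 6. It checks that a verifier whose confirmation-key pair was acquired within one effective term of signing always holds the signing key, and shows where that fails if the term is too long. The tick lengths and the key names "A" and "B" are assumptions.

```python
# Added illustration; period lengths are assumed values, not taken from the patent.
AUX = 3            # first and last divided periods (claim 6: equal length)
MAIN = 2 * AUX     # intermediate "use" period (claim 5: equals first + last)
CYCLE = AUX + MAIN + AUX
OFFSETS = {"A": 0, "B": CYCLE // 2}   # two keys updated at different times


def version(key, t):
    """Generation number of `key` at tick t (increments at each update)."""
    return (t - OFFSETS[key]) // CYCLE


def main_key(t):
    """(key, version) that signs at tick t: the key inside its use period."""
    for key, off in OFFSETS.items():
        if AUX <= (t - off) % CYCLE < AUX + MAIN:
            return key, version(key, t)
    raise AssertionError("use periods must tile the timeline")


def published_pair(t):
    """Confirmation keys made public together at tick t (main and auxiliary)."""
    return {(key, version(key, t)) for key in OFFSETS}


def unverifiable_cases(term, horizon=10 * CYCLE):
    """Return (sign_tick, acquire_tick) pairs where the verifier's stored
    confirmation pair lacks the signing key, for a given effective term.

    The signature and the verifier's registration both expire after `term`
    ticks, so at the time of use they are at most `term` ticks apart."""
    misses = []
    for s in range(horizon):
        signer = main_key(s)
        for r in range(s - term, s + term + 1):
            if signer not in published_pair(r):
                misses.append((s, r))
    return misses
```

With the effective term equal to the auxiliary period there are no misses; one tick longer and a signature made at the end of a use period can meet a verifier whose pair was published after that key was replaced.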

Industrial Applicability 

[0134] According to the present invention, a plurality of keys to be used as signature keys are prepared and updated according to a given rule, and confirmation keys are updated synchronously with updating the signature keys and made public. Thus, it is not necessary to stop issuance of the electronic signature upon updating, or limit the service utilization after the key updating.

[0135] Further, it is not necessary to obtain a key through on-line or acquire a public key certificate upon authentication.

[0136] Moreover, it is possible to carry out through off-line mutual authentication of electronic signatures issued at different times.

Claims 

1. An electronic signature key control method characterized by preparing a plurality of keys whose contents are updated periodically at mutually different times; switching the plurality of keys one by one per switching cycle shorter than an updating cycle of each key; and using the switched key as a signature key for electronic signature.

2. The key control method according to claim 1, characterized in that said switching cycles are set to the same time length with respect to all the keys.

3. A key control method characterized by dividing an updating period of each of a plurality of keys, whose contents are updated periodically at mutually different times, into three periods; setting first and third divided periods as preliminary periods and an intermediate divided period as a use period for using as a signature key for electronic signature; and switching the use periods of the respective keys so as to continue in time with each other but not to overlap with each other.

4. The key control method according to claim 3, characterized in that an effective term of an electronic signature based on said signature key is equal to or shorter than a period which is the shorter of the first divided period and the last divided period.

5. The key control method according to claim 3, characterized in that the sum of the first and last divided periods is set equal in time length to said intermediate divided period with respect to each key.

6. The key control method according to claim 3, characterized in that the first divided period and the last divided period are set equal in time length to each other with respect to each key.

7. The key control method according to claim 3, characterized in that the last divided period of one of the keys and the first divided period of another key are set equal in time length to each other.
8. The key control method according to claim 3, characterized in that in the use period of one of the keys, another key is updated, and the use period of said updated another key is started at a time point of the termination of the use period of said one of the keys.

9. The key control method according to claim 1 or 3, characterized in that despite said switching, each of said keys can be used as the signature key.

10. An electronic signature key control method characterized by preparing a first key updated periodically and a second key updated periodically at different times as compared with said first key; using either of said first and second keys as a signature key for electronic signature by alternately switching them per switching cycle shorter than an updating cycle of each key;

making public in pair a third key which is updated synchronously with an updating time of said first key and becomes a confirmation key when said first key is the signature key, and a fourth key which is updated synchronously with an updating time of said second key and becomes a confirmation key when said second key is the signature key; and offering said third and fourth keys for confirming the electronic signature.

11. The key control method according to claim 10, characterized in that a use termination time is added to each of said third and fourth keys.

12. The key control method according to claim 1, 3 or 10, characterized in that said updating cycle is set to no longer than a time period derived by subtracting an effective term of an electronic signature produced based on the corresponding key from an average time over which security of the corresponding key can be ensured.

13. An electronic signature key control method comprising:

a step of preparing M (M represents a natural number greater than one) signature keys updated periodically at mutually different times, and making public M confirmation keys at the same time, said M confirmation keys updated synchronously with updating times of said signature keys, respectively;
a step of executing an electronic signature with respect to given signature object data by selecting one of said prepared M signature keys per cycle shorter than an updating cycle of the corresponding signature key in a given order; and
a step of confirming said electronic signature using one of the M confirmation keys made public.

14. An electronic signature key control system characterized by comprising a key holding means for holding a plurality of keys to be used as signature keys for electronic signature; a key updating means for cyclically updating the contents of said plurality of keys at mutually different times; and a signature means for reading out the key, whose contents were updated by said key updating means, from said key holding means according to a given rule, and executing an electronic signature with respect to given signature object data using the read-out key as the signature key.

15. An electronic signature key control system characterized by comprising a key holding means for holding a first key and a second key which are used as signature keys for electronic signature; a key updating means for updating the contents of said first key and said second key in the same cycle at mutually different times; and a signature means for reading out the key, whose contents were updated by said key updating means, from said key holding means according to a given rule, and executing an electronic signature with respect to given signature object data using the read-out first or second key as the signature key.

16. The key control system according to claim 15, characterized by comprising a key holding means for holding a third key which is updated synchronously with said first key and becomes a confirmation key when said first key is the signature key, and a fourth key which is updated synchronously with said second key and becomes a confirmation key when said second key is the signature key, wherein when the electronic signature is carried out using said first or second key, said third and fourth keys are made public at the same time.

17. The key control system according to claim 14 or 15, characterized in that said key updating means divides said updating cycle into three periods, and each key is updated per time period shorter than any of the divided periods of the corresponding key.

18. The key control system according to claim 17, characterized in that said key updating means comprises a mode selecting means for selectively applying a first mode for transferring the key contents of one of the divided periods to a subsequent divided period and a second mode for exchanging the key contents mutually upon shifting from a prior divided period to a subsequent divided period, and updates, during applying said first mode to one of the keys, the key contents of another key.

19. The key control system according to claim 17, characterized in that said signature means uses each of said keys as the signature key during a period from the termination of a first period, after updating, of said divided periods to the start of a last period of said divided periods.

20. The key control system according to claim 14 or 15, characterized in that when said electronic signature is used for member authentication between members, said signature means includes, in said signature object data, an effective term of said electronic signature and personal information including a signature confirmation key of the corresponding member and executes said electronic signature.

21. The key control system according to claim 14 or 15, characterized in that when said electronic signature is used for authenticating an electronic ticket usable between members, said signature means includes, in said signature object data, information for identifying a service corresponding to said electronic ticket and a signature confirmation key of the member and executes said electronic signature.

22. The key control system according to claim 21, characterized in that consecutive number information managed by a subject offering service information based on said electronic ticket is further included in said signature object data.

23. An electronic signature authentication system characterized by comprising a signature receiving means for receiving an electronic signature produced with one of M (M represents a natural number greater than one) signature keys, and M confirmation keys which are updated synchronously with updating the M signature keys including the signature key used for said electronic signature; and a signature confirming means for confirming said received electronic signature with one of said M confirmation keys, wherein the electronic signature confirmed by said signature confirming means is judged to be legitimate.

24. An electronic signature authentication system characterized by comprising a signature receiving means for receiving a plurality of electronic signatures produced with signature keys, updated at different times, of M (M represents a natural number greater than one) signature keys, and M confirmation keys which are updated synchronously with updating the M signature keys including the signature keys used for said electronic signatures; and a signature confirming means for confirming said received electronic signatures with one of said M confirmation keys, wherein the electronic signature confirmed by said signature confirming means is judged to be legitimate.